Key Management Celia Li Computer Science and Engineering York University.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Kerberos Short presentation Protocol run Ressources By Artur Hecker, ENST Paris, 11/01/2002.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Diffie-Hellman Key Exchange
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
Key Agreement Guilin Wang School of Computer Science 12 Nov
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
IS511 Introduction to Information Security Lecture 4 Cryptography 2
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
6 June Lecture 2 1 TU Dresden - Ws on Proof Theory and Computation Formal Methods for Security Protocols Catuscia Palamidessi Penn State University,
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
COEN 351 E-Commerce Security
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Diffie-Hellman Key Exchange Color Mixing Example Rick Stroud 21 September 2015 CSCE 522.
Computer and Network Security - Message Digests, Kerberos, PKI –
COMP 424 Computer Security Lecture 09 & 10. Protocol ● An orderly sequence of steps agreed upon by two or more parties in order to accomplish a task ●
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
1 Authentication Protocols Rocky K. C. Chang 9 March 2007.
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
A Novel Cryptography for Ad Hoc Network Security ► Pi Jian-yong; Liu Xin-song; Wu Ai; Liu Dan; ► 2006 International Conference on Communications, Circuits.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Authentication Celia Li Computer Science and Engineering York University.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Computer Communication & Networks
Message Security, User Authentication, and Key Management
Public Key Infrastructure
Celia Li Computer Science and Engineering York University
Presentation transcript:

Key Management Celia Li Computer Science and Engineering York University

2 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

3 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

4 Fundamental Concept Key Management  Provides shared key between two or more parties, typically for subsequent use as symmetric key for a variety of cryptographic purposes including encryption and authentication.  Many protocols involve a centralized or trusted third party  Broadly subdivided into two categories: key transport key agreement

5 Fundamental Concept Key Transport Protocol  One party creates a shared key and securely transfers it to the other(s) Key Agreement Protocol  A shared key is derived by two (or more) parties as a function of information contributed by each of these, such that no party can predetermine the key value

6 Key Management based on Symmetric Key Cryptography  Key Transport  Key Agreement Key Management based on Public Key Cryptography  Key Transport  Key Agreement Key Management Classification

7 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

8 Symmetric Key Transport without a Server  (1.1) Key transfer using symmetric encryption  (1.2) Key transfer using hash function  (1.3) Key transport without a priori shared keys Server-based Protocols o (2.1) Kerberos o (2.2) NS (Needham – Schroeder) shared-key protocol Key Transport based on Symmetric Key Cryptography

9 (1.1) Key transfer using symmetric encryption  Key transfer with one pass or  r A : a random number  t A : timestamp  n A : sequence number  The shared key: K=r A  E: symmetric encryption algorithm  * : optional message fields Key Transport based on Symmetric Key Cryptography

10 (1.1) Key transfer using symmetric encryption  Key transfer with challenge-response  If it is required that the key K be a function (such as hash function) of input from both parties  The shared key K=f(r A, r B ) Key Transport based on Symmetric Key Cryptography

11 (1.2) Key transport using hash functions  // A authenticates B // B authenticates A  K, K’: A and B shared symmetric keys  h K, h’ K’ : a keyed one-way hash function used for authentication  W: final symmetric key Key Transport based on Symmetric Key Cryptography

12 (1.3) Key transport without a priori shared keys  A and B select a prime p  A and B choose random number a and b seperately  A chooses a key K sent to B in message 1  A calculate a -1 based on a x a -1 = 1mod p  K mod p : the shared key for A and B  A know K mod p.  B can calculate b -1 based on b x b -1 = 1mod p  (3) = K b mod p  (K b mod p) = K mod p Key Transport based on Symmetric Key Cryptography b -1

13 Server-based protocols (2.1) Kerberos  Message 1 & 2: C gets the shared key Kcg generated by A  Message 3 & 4: C gets the shared key Kcs generated by G Key Transport based on Symmetric Key Cryptography

14 (2.2) NS (Needham–Schroeder) shared-key protocol Key Transport based on Symmetric Key Cryptography  Message2:  A gets a shared key Kab generated by S  Message 3:  B gets shared key Kab generated by S

15 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

16 Key Agreement Protocol  A shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, such that no party can predetermine the resulting value.  Example: Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography

17 Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography  Let M be a matrix of size (h+1)*N  N: the number of nodes in the network  h: a value chosen by a trusted third party  Matrix M is a public information shared among the participants.  In the key generation phase, trusted third party  Creates a random symmetric matrix D of size (h+1)*(h+1)  Computes an matrix A = (D * M) T where (D * M) T is the transpose of D*M.  Matrix A must be kept securely.

18 Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography  If we let K = A*M, we know that K is a symmetric matrix of size N*N because of the symmetric property of D. Prove: (1) K=A*M = (D*M) T *M = M T * D T *M = M T * D * M (D is a symmetric matrix) (2) (A*M) T = (((D*M) T *M) T = M T * ((D * M) T ) T = M T * D * M Thus, K = K T

19 Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography How the shared key is generated?  Private information of participant i and j  A(i) and A(j) rows of matrix A  Public information of participant i and j  M(i) & M(j) columns of matrix M  Shared key of i and j  exchange their columns M(i) and M(j)  participant i computes: Kij= A(i)*M(j)  participant j computes: Kji= A(j)*M(i)  Kij = Kji  K is symmetric.

20 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

21 One party chooses a key and transfers it to a second party using that party’s public key.  (3.1) Key transport using public key encryption without signatures  (3.2) Key transport using public key encryption with signatures Key Transport based on Public Key Cryptography

22 (3.1) Key transport using public key encryption without signatures  One pass key transport by public key encryption Kb : public key of B K: A encrypts a randomly generated key k, and sends the result to B. Key Transport based on Public Key Cryptography

23 (3.2) Key transport protocols using public key encryption with signature  (3.2.1) Sign the key, encrypt the signed key using public key  (3.2.2) Sign the key, encrypt the unsigned key using public key  (3.2.3) Encrypt the key using public key, sign the encrypted key Key Transport based on Public Key Cryptography

24 Notation For data input y,  S A (y) : Signature operation on y using A’s private key, Kb: public key of B Key Transport based on Public Key Cryptography

25 (3.2.1) Encrypt signed key (3.2.2) Encrypt and Sign separately The asterisk denotes that the timestamp t A of A is optional Key Transport based on Public Key Cryptography

26 (3.2.3) Sign the encrypted key Key Transport based on Public Key Cryptography

27 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

28 Diffie-Hellman  A protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared key over an insecure communications channel.  This key can be used to encrypt subsequent communications using a symmetric key encryption algorithm. Key Agreement based on Public Key Cryptography

29 Diffie-Hellman Alice and Bob agree on two prime numbers, g and p. Alice Bob Key Agreement based on Public Key Cryptography

30 [1] R. Blom, "An optimal class of symmetric key generation systems", Report LiTH-ISY-I , Linköping University, [2] Krawczyk H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO LNCS, vol. 3621, pp Springer, Heidelberg (2005). Full version available at Reference